DCE Installation, Configuration, and Management Guide
Recommended Usage
HP NonStop DCE Installation, Configuration, and Management Guide—429552-005
6-3
Using the acl_edit_tdm Utility
Using the acl_edit_tdm Utility
For better performance, dce_config uses the utility program acl_edit_tdm to set
access control list (ACL) security permissions within a virtual host. acl_edit_tdm
issues multiple acl_edit commands in a single invocation. However,
acl_edit_tdm can communicate with only one ACL manager during each invocation.
To initiate continuation mode, execute acl_edit_tdm without input parameters. The
sec_acl_edit_tdm> prompt indicates this new mode. Enter either the name of an
object to process with acl_edit or quit.
The syntax to access an object is the same as that for acl_edit. For example, these
commands can be entered from acl_edit_tdm:
/opt/dcelocal.hostname/bin/acl_edit_tdm
sec_acl_edit_tdm>/.:/hosts -m user:hosts/hostname/self:rwdtcia
sec_acl_edit_tdm> -e /.:/sec \
> -m group:subsys/dce/sec_admin:rwcdt \
> -m user:dce-rgy:rwcdt
sec_acl_edit_tdm> quit
where hostname is the name of the virtual host.
Being the DCE Privuser
The operation of NonStop DCE on a NonStop system is controlled by the DCE
privuser, which is a NonStop system user ID in the super group, defined during
initialization of the security server. The users permitted to use the dce_config actions
are summarized in Table 6-1.
Table 6-1. dce_config Actions and Permitted Users
Action User Permitted
1 (Install) Super ID
2-1 (Initial configure) Super ID
2-2 (Configure additional server) DCE privuser
2-3 (Configure DCE client) DCE privuser
2-4 (Configure DCED as Endpoint Mapper) DCE privuser
3 (Restart demons) DCE privuser
4 (Stop demons) DCE privuser or super ID
5 (Unconfigure) DCE privuser or super ID
6 (Stop demons, remove data files) DCE privuser or super ID
7 (Uninstall) Super ID